Ühel kenal päeval, E, 2006-07-31 kell 09:52, kirjutas Tom Lane:
> Andrew Dunstan <[EMAIL PROTECTED]> writes:
> > Martijn van Oosterhout wrote:
> >> Maybe someone should look into enabling slony to not run as a
> >> superuser?
>
> > That was my initial reaction to this suggestion. But then I realis
[EMAIL PROTECTED] (Andrew Dunstan) writes:
> Joshua D. Drake wrote:
>
>>
>>>
>>> As a protection against malice, yes. I think Rod was more
>>> interested in some protection against stupidity.
>>>
>>> Maybe the real answer is that Slony should connect as a
>>> non-superuser and call security definer
Joshua D. Drake wrote:
As a protection against malice, yes. I think Rod was more interested
in some protection against stupidity.
Maybe the real answer is that Slony should connect as a non-superuser
and call security definer functions for the privileged things it
needs to do.
Wouldn'
As a protection against malice, yes. I think Rod was more interested in
some protection against stupidity.
Maybe the real answer is that Slony should connect as a non-superuser
and call security definer functions for the privileged things it needs
to do.
Wouldn't that break Slony's abili
Tom Lane wrote:
Andrew Dunstan <[EMAIL PROTECTED]> writes:
Martijn van Oosterhout wrote:
Maybe someone should look into enabling slony to not run as a
superuser?
That was my initial reaction to this suggestion. But then I realised
that it might well make sense to have a se
On Mon, 2006-07-31 at 09:52 -0400, Tom Lane wrote:
> Andrew Dunstan <[EMAIL PROTECTED]> writes:
> > Martijn van Oosterhout wrote:
> >> Maybe someone should look into enabling slony to not run as a
> >> superuser?
>
> > That was my initial reaction to this suggestion. But then I realised
> > that
Andrew Dunstan <[EMAIL PROTECTED]> writes:
> Martijn van Oosterhout wrote:
>> Maybe someone should look into enabling slony to not run as a
>> superuser?
> That was my initial reaction to this suggestion. But then I realised
> that it might well make sense to have a separate connection-limited
>
On Mon, 2006-07-31 at 15:00 +0200, Martijn van Oosterhout wrote:
> On Mon, Jul 31, 2006 at 08:47:38AM -0400, Rod Taylor wrote:
> > It appears that the superuser does not have connection limit
> > enforcement. I think this should be changed.
>
> So if some admin process goes awry and uses up all th
Nevermind, I realized now that you're talking about a different setting.
> I thought there is a limit for super-users too... citation from:
> http://www.postgresql.org/docs/8.1/static/runtime-config-connection.html#RUNTIME-CONFIG-CONNECTION-SETTINGS
Cheers,
Csaba.
---(e
On Mon, 2006-07-31 at 15:07 +0200, Csaba Nagy wrote:
> On Mon, 2006-07-31 at 15:00, Martijn van Oosterhout wrote:
> > On Mon, Jul 31, 2006 at 08:47:38AM -0400, Rod Taylor wrote:
> > > It appears that the superuser does not have connection limit
> > > enforcement. I think this should be changed.
> >
On Mon, 2006-07-31 at 09:06 -0400, Tom Lane wrote:
> Rod Taylor <[EMAIL PROTECTED]> writes:
> > It appears that the superuser does not have connection limit
> > enforcement. I think this should be changed.
>
> If you're superuser, you are not subject to access restrictions,
> by definition. I can
Martijn van Oosterhout wrote:
On Mon, Jul 31, 2006 at 08:47:38AM -0400, Rod Taylor wrote:
It appears that the superuser does not have connection limit
enforcement. I think this should be changed.
So if some admin process goes awry and uses up all the connection
slots, how does the admi
On Mon, 2006-07-31 at 15:00, Martijn van Oosterhout wrote:
> On Mon, Jul 31, 2006 at 08:47:38AM -0400, Rod Taylor wrote:
> > It appears that the superuser does not have connection limit
> > enforcement. I think this should be changed.
>
> So if some admin process goes awry and uses up all the conn
Rod Taylor <[EMAIL PROTECTED]> writes:
> It appears that the superuser does not have connection limit
> enforcement. I think this should be changed.
If you're superuser, you are not subject to access restrictions,
by definition. I cannot imagine any scenario under which the
above would be a good
On Mon, Jul 31, 2006 at 08:47:38AM -0400, Rod Taylor wrote:
> It appears that the superuser does not have connection limit
> enforcement. I think this should be changed.
So if some admin process goes awry and uses up all the connection
slots, how does the admin get in to see what's happening? If t
It appears that the superuser does not have connection limit
enforcement. I think this should be changed.
Slony in particular does not need more than N connections but does
require being a super user.
--
---(end of broadcast)---
TIP 6: explain an
16 matches
Mail list logo
